There's a pervasive lack of precision in privacy discussions. There's a difference between a network request that does some computation on the server side, one that does the same but may log errors and increment counters, and one that actually stores the data temporarily or for a long time. And in the last case, there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls. What about the ability of the user to invoke a delete for all their data on the server side? There's so many dimensions.
This is not a useless feature. I can imagine it might help someone make a better presentation. We have to weigh the potential privacy implications against that.
And asking the user to consent for every little thing isn't the solution either. It's so annoying to be pin-pricked by dialogs. At work, this sorta thing should be decided at the organization level, by setting appropriate fine-grained org policies for Office.
Do you make the same differentiation when it comes to what Chinese companies may collect from the computers of American companies? Especially this part:
> there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls.
This bias is very apparent in most of western media.
A Chinese software vendor could do as much as sending your keystrokes for autocomplete you bet it will be front page news on Reddit and here with every comment reminding me about Xinjiang and 1989.
But Microsoft could upload the entirety of your hard drive and we would find apologists like OP rationalizing away the behavior.
I’m not convinced either governments are not in kahoots with private companies.
> A Chinese software vendor could do as much as sending your keystrokes for autocomplete you bet it will be front page news on Reddit
Yes? It’s not like it’s a double standard or remotely hypocritical to hold a US corporation or the US government to different standards than a Chinese counterpart.
> There's a pervasive lack of precision in privacy discussions. There's a difference between a network request that does some computation on the server side, one that does the same but may log errors and increment counters, and one that actually stores the data temporarily or for a long time. And in the last case, there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls.
This seems like less of a "precision" issue and more of a "transparency and accountability" issue. Do you know how long this information is stored by Microsoft? Where it is stored? Who has access? What the process is for requesting that data is deleted or even for opting-out of it's collection? An opt-in prompt is a great place for organizations to provide access to resources that answer these questions.
When we don't have the answers to the questions, (or don't trust the organization providing the answers to be truthful), we should assume the worst case, not the best as you seem to be implying.
> And asking the user to consent for every little thing isn't the solution either.
Prompts/permission can have varying and nested levels of granularity. This is absolutely not an excuse for not providing opt-in for data collection. (Edit: E.G. You can simply ask "Allow Us to Collect Data: Always, Never, Sometimes" and then you only need to show additional prompts if they select "Sometimes". If you are seeing to many people saying "Never" then you can do a better job of explaining the benefits/features, but you can't just ethically ignore the wishes of the user.)
I see no problem with organizations pre-deciding this for their employees, (thus no need for a prompt), but this doesn't remove the need for individuals and members of less organized organizations to have the ability to not have their data collected.
Yes, it helps Microsoft, and it helps The Powers That Be advance their goal of total information awareness to maximize their security and power and be unaccountable. As a bonus, the harm it does to users is hard to see and hard to reason about, so the genuine proponents and their useful-idiot accomplices throughout the tech (and political) world have been very weakly opposed in advancing the pervasive surveillance agenda.
This is not a useless feature. I can imagine it might help someone make a better presentation. We have to weigh the potential privacy implications against that.
And asking the user to consent for every little thing isn't the solution either. It's so annoying to be pin-pricked by dialogs. At work, this sorta thing should be decided at the organization level, by setting appropriate fine-grained org policies for Office.